<?php
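	// The depth of the requested URL decides how many "../" are needed to reach
	// the directory that holds mvz-config/; $dot prefixes every include below.
	$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
	$uri_var = explode('/', $uri);
	
	// Count path segments only. REQUEST_URI also carries the query string, and a
	// "/" inside it (e.g. ?next=/a/b) used to add extra "../" to the include
	// prefix, so the requester could shift the directory the bootstrap and
	// session files are loaded from.
	$uri_query_pos = strpos($uri, '?');
	$uri_path_only = ($uri_query_pos === false) ? $uri : substr($uri, 0, $uri_query_pos);
	
	$count = count(explode('/', $uri_path_only));
	$dot = ($count > 2) ? str_repeat("../", $count - 2) : "";
	// NOTE(review): extra path segments after the script name still change the
	// depth. A prefix built from this file's own location would not depend on the
	// request at all; the directory layout is not visible here, so that is left
	// to confirm.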
?>
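<?php
	// Bootstrap, session start and session handling are mandatory for this
	// handler. include() only raises a warning when a file cannot be loaded and
	// lets the request continue; require() stops it instead.
	// NOTE(review): session.php presumably carries the login check - confirm.
	require($dot.'mvz-config/system/begin.php');
	require($dot.'mvz-config/system/session_start.php');
	require($dot.'mvz-config/system/session.php');
?>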
<?php
	/* Start Process */
	
	// Get User Info
	// Request context posted by the calling form: target module, requested
	// operation and acting user. A missing field becomes ""; a present one is
	// trimmed and passed through sql_quote() (defined outside this file).
	// NOTE(review): the acting user, user group and timestamp are read from POST
	// fields and then drive the privilege decision below. Unless session.php or
	// check_user_module_process_privilege() binds them to the logged-in session,
	// the client chooses the identity it is authorised as - confirm.
	$modid       = isset($_POST['process_module_id'])       ? sql_quote(trim($_POST['process_module_id']))       : "";
	$modname     = isset($_POST['process_module_name'])     ? sql_quote(trim($_POST['process_module_name']))     : "";
	$modsubid    = isset($_POST['process_module_sub_id'])   ? sql_quote(trim($_POST['process_module_sub_id']))   : "";
	$modcategory = isset($_POST['process_module_category']) ? sql_quote(trim($_POST['process_module_category'])) : "";
	$type        = isset($_POST['process_type'])            ? sql_quote(trim($_POST['process_type']))            : "";
	$user        = isset($_POST['process_userin'])          ? sql_quote(trim($_POST['process_userin']))          : "";
	$usrgrp      = isset($_POST['process_usergroup'])       ? sql_quote(trim($_POST['process_usergroup']))       : "";
	$date        = isset($_POST['process_datein'])          ? sql_quote(trim($_POST['process_datein']))          : "";
	
	// Gate for everything that follows: may this user / group run $type on the
	// given module? The result is tested by the if($isValid) below.
	$isValid = check_user_module_process_privilege($user, $usrgrp, $modcategory, $modid, $modsubid, $type);
	
	//echo "isValid end here"; die();
	
	if($isValid)
	{
		// echo "<pre>";
		// print_r($_SESSION);
		// echo "</pre>";
		
		// Image form fields. A missing field becomes ""; a present one is trimmed
		// and passed through sql_quote(). $front and $back are collected but not
		// used anywhere in the visible part of this handler.
		$name     = isset($_POST['txt_image_name'])     ? sql_quote(trim($_POST['txt_image_name']))     : "";
		$PK_id    = isset($_POST['txt_image_PK_id'])    ? sql_quote(trim($_POST['txt_image_PK_id']))    : "";
		$label    = isset($_POST['txt_image_label'])    ? sql_quote(trim($_POST['txt_image_label']))    : "";
		$front    = isset($_POST['txt_image_front'])    ? sql_quote(trim($_POST['txt_image_front']))    : "";
		$back     = isset($_POST['txt_image_back'])     ? sql_quote(trim($_POST['txt_image_back']))     : "";
		$position = isset($_POST['txt_image_position']) ? sql_quote(trim($_POST['txt_image_position'])) : "";
		$role     = isset($_POST['rdo_image_role'])     ? sql_quote(trim($_POST['rdo_image_role']))     : "";
		$activate = isset($_POST['rdo_image_activate']) ? sql_quote(trim($_POST['rdo_image_activate'])) : "";
		
		// The posted role is discarded: this handler only ever manages "image" rows.
		$role = "image";
		
		// echo "PKid : ".$PK_id." -<br />";
		// echo "name : ".$name." -<br />";
		// echo "label : ".$label." -<br />";
		// echo "front : ".$front." -<br />";
		// echo "back : ".$back." -<br />";
		// echo "position : ".$position." -<br />";
		// echo "role : ".$role." -<br />";
		// echo "activate : ".$activate." -<br />";
		// die();
		
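		// Dispatch on the requested operation.
		//   ADD    - validate and store an uploaded image, then record it in
		//            ms_file / ms_image
		//   EDIT   - update label / position / status of an existing ms_file row
		//   DELETE - remove the stored file of row $PK_id and flag the row deleted
		// Every branch leaves $string_log and $string_msg defined for the logging
		// and redirect code that follows.
		// NOTE(review): each query ends in "or die(mysql_error())", which prints
		// the raw database error to the client; a generic message plus a
		// server-side log entry would avoid exposing schema details.
		if($type == "ADD")
		{
			// Defaults, so that a rejected upload never reaches the logger with an
			// undefined variable and $error can be appended to safely.
			$error = "";
			$string_msg = "";
			$string_log = "Upload ".ucwords($role)." Management ".$PK_id." - failed";
			
			// Only a single-file upload in the "file" field is handled.
			$hasUpload = isset($_FILES["file"]) && is_array($_FILES["file"])
				&& isset($_FILES["file"]["name"]) && is_string($_FILES["file"]["name"]);
			
			// basename(): a client-chosen name must never carry directory components
			// into the destination path.
			$imagename = $hasUpload ? basename($_FILES["file"]["name"]) : "";
			$imagetempname = $hasUpload ? $_FILES["file"]["tmp_name"] : "";
			$imagetype = $hasUpload ? $_FILES["file"]["type"] : "";
			// The extension is the text after the LAST dot. Taking the second
			// dot-separated segment let a name such as "photo.jpg.php" pass the
			// allow-list as "jpg" while being stored with its real extension.
			$imageextension = pathinfo($imagename, PATHINFO_EXTENSION);
			$imagesize = $hasUpload ? (int) $_FILES["file"]["size"] : 0;
			$imagelocation = "local";
			
			$allowedLogoTypes = image_type_allowed(); // see function_upload_image.php for Setting
			$allowedLogoExtensions = image_extension_allowed(); // see function_upload_image.php for Setting
			$allowedLogoSize = image_size_allowed(); // see function_upload_image.php for Setting
			
			if($imagename !== "")
			{
				$isValidUpload = true;
				
				// NOTE(review): $imagetype is the Content-Type supplied by the client;
				// the file content itself is never inspected. Consider checking the
				// content once the allowed list is confirmed to hold raster formats.
				// Values echoed back into the HTML message are escaped.
				if(!in_array(strtolower($imagetype), $allowedLogoTypes, true))
				{
					$isValidUpload = false;
					$error .= "Invalid image type : <span style='color:red;'>".htmlspecialchars($imagetype, ENT_QUOTES)."</span><br />";
				}
				
				if(!in_array(strtolower($imageextension), $allowedLogoExtensions, true))
				{
					$isValidUpload = false;
					$error .= "Invalid image extension : <span style='color:red;'>".htmlspecialchars($imageextension, ENT_QUOTES)."</span><br />";
				}
				
				if($imagesize >= $allowedLogoSize)
				{
					$isValidUpload = false;
					$error .= "Invalid image size : <span style='color:red;'>".format_size($imagesize)."</span> / <span style='color:green;'>".format_size($allowedLogoSize)."</span><br />";
				}
				
				// Set Folder Path Upload Target
				// NOTE(review): the file keeps its client-chosen name inside this
				// directory. Whether the directory is web-reachable and whether script
				// execution is disabled there is not visible here - confirm.
				$upload_path = "../../../upload";
				$destination = $upload_path . "/" . $imagename;
				
				if($isValidUpload)
				{
					if((int) $_FILES["file"]["error"] > 0)
					{
						$string_msg = "Error : " . (int) $_FILES["file"]["error"] . "<br />";
					}
					else if(file_exists($destination))
					{
						$string_msg = htmlspecialchars($imagename, ENT_QUOTES) . " is already exists. Please rename the imagename and try again.<br />";
					}
					else if(move_uploaded_file($imagetempname, $destination))
					{
						// File name and MIME type come straight from the request and were
						// concatenated into SQL unescaped; escape them for the quoted
						// string context.
						$sqlName = mysql_real_escape_string($imagename);
						$sqlType = mysql_real_escape_string($imagetype);
						$sqlUrl = mysql_real_escape_string($destination);
						// These three are interpolated without quotes, so only numeric
						// values can ever have worked; force them to integers.
						$sqlPosition = (int) $position;
						$sqlActivate = (int) $activate;
						$sqlUser = (int) $user;
						
						$sql = "insert into ms_file (filename, filelabel, filesize, filetype, filerole, filelocation, fileurl, fileposition, filestatus, userin, datein, stsrc) 
								values ('".$sqlName."', '".$label."', '".$imagesize."', '".$sqlType."', '".$role."', '".$imagelocation."', '".$sqlUrl."', ".$sqlPosition.", ".$sqlActivate.", ".$sqlUser.", '".$date."', 'A')
							";
						$exe = mysql_query($sql) or die(mysql_error());
						
						// Look the new row up by name to obtain its fileid.
						$sql2 = "select fileid from ms_file where filename = '".$sqlName."' and stsrc = 'A' ";
						$exe2 = mysql_query($sql2) or die(mysql_error());
						$row2 = mysql_fetch_array($exe2);
						
						// Dimensions are currently stored empty.
						$width = "";
						$height = "";
						
						$sql3 = "insert into ms_image (fileid, imagewidth, imageheight) 
								values ('".$row2['fileid']."', '".$width."', '".$height."')
							";
						$exe3 = mysql_query($sql3) or die(mysql_error());
						
						// NOTE(review): the raw file name is handed to the logger as
						// before; confirm addLogByUsername() escapes what it stores.
						$string_log = "Upload ".ucwords($role)." Management ".$PK_id." - ".$imagename." ";
						$string_msg .= ucwords($role)." ".htmlspecialchars($imagename, ENT_QUOTES)." succesfully uploaded";
					}
					else
					{
						$string_msg .= "Error... Fail to upload ".ucwords($role)." ".htmlspecialchars($imagename, ENT_QUOTES)."";
					}
				}
				else
				{
					echo $string_msg = $error . "<br />";
				}
			}
			else
			{
				echo $string_msg = "Please select ".ucwords($role)." to upload!";
			}
		}
		else if($type == "EDIT")
		{
			// userup and fileid are used unquoted in the statement, so they are
			// forced to integers. The quoted values rely on sql_quote().
			$sqlUser = (int) $user;
			$sqlFileId = (int) $PK_id;
			
			$sql = " update ms_file ";
			$sql .= " set 	filelabel = '".$label."',
							fileposition = '".$position."',
							filestatus = '".$activate."',
							userup = ".$sqlUser.",
							dateup = '".$date."'
							
					";
			$sql .= " where fileid = ".$sqlFileId." and filerole = '".$role."' and stsrc = 'A'
					";
			
			$exe = mysql_query($sql) or die(mysql_error());
			
			$string_log = "Edit ".$role." Management ".$PK_id." - ".$name." ";
			// The session message already carries markup (spans, <br />) in other
			// branches, so it is presumably rendered as HTML; escape the posted name.
			$string_msg = "Data ".htmlspecialchars($name, ENT_QUOTES)." succesfully changed";
		}
		else if($type == "DELETE")
		{
			$sqlUser = (int) $user;
			$sqlFileId = (int) $PK_id;
			
			// Resolve the stored file name of the row being deleted. The previous
			// query picked the most recently changed image row regardless of $PK_id,
			// so the file removed from disk could belong to a different record.
			$sql = "select filename from ms_file where fileid = ".$sqlFileId." and filerole = '".$role."' and stsrc = 'A' limit 0,1";
			$exe = mysql_query($sql) or die(mysql_error());
			$row = mysql_fetch_array($exe);
			
			if($row)
			{
				// basename() keeps the unlink inside the upload directory even if a
				// stored name contains path separators; is_file() avoids calling
				// unlink() on the directory or on a file that is already gone.
				$target = "../../../upload/".basename($row['filename']);
				if(is_file($target))
				{
					unlink($target);
				}
				
				// Soft-delete the ms_file row, then drop its ms_image companion.
				$sql = " update ms_file ";
				$sql .= " set 	stsrc = 'D',
								userup = ".$sqlUser.",
								dateup = '".$date."'
						";
				$sql .= " where fileid = ".$sqlFileId." and filerole = '".$role."' and stsrc = 'A'
						";
				
				$exe = mysql_query($sql) or die(mysql_error());
				
				$sql = "delete from ms_image where fileid = ".$sqlFileId." ";
				$exe = mysql_query($sql) or die(mysql_error());
				
				$string_log = "Delete ".$role." Management ".$PK_id." - ".$name." ";
				$string_msg = "Data ".htmlspecialchars($name, ENT_QUOTES)." succesfully deleted";
			}
			else
			{
				// No active image row with that id: nothing is removed.
				$string_log = "Delete ".$role." Management ".$PK_id." - not found";
				$string_msg = "Error";
			}
		}
		else
		{
			// Unknown operation name.
			$string_log = "Error : Management ".ucwords($role);
			$string_msg = "Error";
		}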
		
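		// Record the outcome, keep the user-facing message in the session, then
		// send the browser back to the referring page.
		// Some upload failure paths never assign $string_log; pass "" instead of
		// an undefined variable.
		addLogByUsername(isset($string_log) ? $string_log : "");
		setSessionMsg($string_msg);
		// url_referer() is defined elsewhere and presumably derived from the
		// request's Referer header, so its value is escaped before it is placed
		// inside the attribute.
		// NOTE(review): the redirect target itself is not restricted to this site.
		echo "<meta http-equiv='REFRESH' content='0;url=".htmlspecialchars(url_referer(), ENT_QUOTES)."'>";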
	}
	else
	{
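		// Privilege check failed. $role is only assigned inside the allowed
		// branch, so the log line used to end after "Management " with an
		// undefined-variable notice; the role is spelled out here instead.
		addLogByUsername("Access Denied : Management Image");
		setSessionMsg("Access denied");
		// url_referer() is defined elsewhere and presumably derived from the
		// request's Referer header, so its value is escaped before it is placed
		// inside the attribute.
		echo "<meta http-equiv='REFRESH' content='0;url=".htmlspecialchars(url_referer(), ENT_QUOTES)."'>";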
	}
	
	/* End Process */
?>
<?php
	// Presumably the closing counterpart of mvz-config/system/begin.php; its
	// contents are not visible from this file.
	include $dot.'mvz-config/system/end.php';
?>